Another global outage involving Microsoft services occurred on Tuesday, July 30, 2024, which prompted Microsoft to announce a mitigation statement on Microsoft Azure’s website that, “Between approximately at 11:45 UTC and 19:43 UTC on 30 July 2024, a subset of customers may have experienced issues connecting to a subset of Microsoft services globally. Impacted services included Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, as well as the Azure portal itself and a subset of Microsoft 365 and Microsoft Purview services.” The incident was first initiated by a DDoS attack from an unidentified threat actor, resulting in errors, timeouts, and latency spikes on Microsoft’s Azure Front Door (AFD) and Azure Content Delivery Network (CDN). In their investigation, they further stated, “While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.” They mitigated most of the impact by immediately changing the network configuration to strengthen their DDoS protection and switched to alternate networking paths to alleviate the issue. Microsoft stated, “We will publish a Preliminary Post Incident Review (PIR) within approximately 72 hours to share more details on what happened and how we responded. After our internal retrospective is completed, generally within 14 days, we will publish a Final Post Incident Review with any additional details and learnings.”

Mr. Chen Heffer, Founder and President of CyTech International, shared his point of view on this incident: “Unfortunately, today, the world is not a very stable place to live in. Huntington’s ‘Clash of Civilizations’ is happening before our very eyes daily, and the cyber front is just another one of many. These days, organizations need to choose sides concerning who and how they do their business. The “Long Peace” we had for almost 80 years since World War II ended and the Cold War started is no longer. Now, the superpowers USA, China, and Russia are all in the course of a direct collision, and they don’t hide it anymore”. Heffer, who holds a Triple Major Bachelor degree in Management, Political Science, and International Relations, sees the theory becomes a reality in front of him wherever he works worldwide. “We work everywhere in CyTech. Our headquarters is in Colorado, US, and we work in the Middle East, Europe, Africa, Asia, Oceania, and Latin America. Since the establishment of CyTech 7 years ago, in 2017, we have experienced the shift from being open to all industries and clients to choosing sides in this global tension. Microsoft is playing in the same territories as us, and they are part of the same market. They are part of the Supply Chain of most, if not all, companies worldwide in this way or another, and as such, they are being targeted for their business with “the wrong side of the map.”

We asked Heffer for advice as an expert with over 20 years as a CISO worldwide and 30 years in the cyber industry from its early days: “As a CISO, my main concern is always my organization’s supply chain. As a CISO, I have very little to no control over it, as it is an area of the business that is almost always managed by other parts of the organization. I can influence it, but I cannot control it, even when discussing a vendor like Microsoft doing way above and beyond the “book of cyber preparedness for doomsday.” Microsoft is one of the leading players in cyber security these days, and for me as a CISO, I need to rely mainly on their enormous efforts to prepare and overcome such incidents as this DDoS. However, not all rely on Microsoft, and I follow the CyTech methodology for Supply Chain Risk Management, which includes 27 different tests we run on each vendor, categorized into seven different angels of business and cyber analysis of each vendor, and that gives me the ability to view all vendors in the organization and the related risks. This SCRM methodology allows me to rank my vendors in a “magic quad” of Strategic, Tactical, Operational, or Commodity. Microsoft, obviously, always comes out as a Strategic vendor, which then helps me work beforehand and prepare a short and simple plan to overcome challenges such as a DDoS of one of my main vendors”.

#CyTech #cybernews #cybersecurity #ciso #cisoworkplace #microsoft #ddos